Here is a quick example of a simple Git repository that has no files committed to it. A nearly identical concept also exists in Mercurial.
Under the hood, a Git or Mercurial repository on disk is really just a directory. In this directory is another specially named directory (.git for Git, .hg for Mercurial) that contains all of the configuration files and metadata that make up the repository. Everything else outside of this special directory is just a pile of files and directories, often called the working directory, written to disk based on the previously mentioned metadata. So, in a way, if you had a Git repository called Test, Test/.git is the repository and everything else under the Test directory is simply a working copy of the files contained in the repository at a particular point in time.
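The layout described above, as an added example that is not part of the original post: a Python sketch that builds a constructed directory named Test shaped like a repository with nothing committed, then labels each file as repository metadata or working copy. The file names placed inside .git, the file notes.txt and all function names are assumptions made for illustration.

```python
import tempfile
from pathlib import Path

# Metadata directory names as given in the text: .git for Git, .hg for Mercurial.
METADATA_DIRS = (".git", ".hg")


def find_repository(path):
    """Walk upward from path; return (root, metadata_dir_name) or None."""
    path = Path(path).resolve()
    for candidate in (path, *path.parents):
        for name in METADATA_DIRS:
            if (candidate / name).is_dir():
                return candidate, name
    return None


def classify(path):
    """Return 'metadata', 'working-copy' or 'outside' for a path on disk."""
    found = find_repository(path)
    if found is None:
        return "outside"
    root, meta = found
    relative = Path(path).resolve().relative_to(root)
    return "metadata" if relative.parts[:1] == (meta,) else "working-copy"


def build_empty_repo(parent):
    """Constructed sample: a directory 'Test' shaped like a repo with no commits."""
    root = Path(parent) / "Test"
    for sub in ("hooks", "objects", "refs"):
        (root / ".git" / sub).mkdir(parents=True)
    (root / ".git" / "HEAD").write_text("ref: refs/heads/master\n")
    (root / ".git" / "config").write_text("[core]\n\tbare = false\n")
    (root / "notes.txt").write_text("working file, not yet committed\n")
    return root


def survey(root):
    """Map every file under root to its classification."""
    return {p.relative_to(root).as_posix(): classify(p)
            for p in sorted(Path(root).rglob("*")) if p.is_file()}


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for name, kind in survey(build_empty_repo(tmp)).items():
            print(f"{kind:13} {name}")
```

Only the paths under Test/.git are reported as metadata; notes.txt, like anything else under Test, is working copy.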
To understand these vulnerabilities and their impact, you must first understand a few basic things about Git and Mercurial clients.
This post is the eighth in a series, 12 Days of HaXmas, where we take a look at some of the more notable advancements and events in the Metasploit Framework over the course of 2014.

A week or two back, Mercurial inventor Matt Mackall found what ended up being filed as CVE-2014-9390. While the folks behind CVE are still publishing the final details, Git clients (before versions 1.8.5.6, 1.9.5, 2.0.5, 2.1.4 and 2.2.1) and Mercurial clients (before version 3.2.3) contained three vulnerabilities that allowed malicious Git or Mercurial repositories to execute arbitrary code on vulnerable clients under certain circumstances.